Lazarus gang utilises fake crypto job offers to drop malware

September 30, 2022

Developers in the cryptocurrency industry are being warned about a new threat campaign in which the Lazarus gang uses fake job offers for the Crypto.com platform to hack victims, drop malware, and steal their digital assets.

Because Crypto.com is one of the world’s largest cryptocurrency exchange platforms, its aspiring applicants, such as developers, are suitable targets for hackers who want to infiltrate machines and steal crypto assets that could amount to millions.

The North Korean-backed Lazarus gang has reportedly been running the ‘Operation In(ter)ception’ campaign against cryptocurrency workforces since 2020. In this campaign, targets are lured into launching malware-infected files on their computers, which can help the hackers breach crypto companies’ internal infrastructure and steal massive digital assets. Aside from stealing funds and NFTs, the hackers also conduct cyber espionage against their victims.

The Lazarus gang started masquerading as Crypto.com to target victims and drop malware onto their computers.

In past phishing campaigns, Lazarus was seen spreading macOS malware against its targets, and researchers observed the group still using it in the new Crypto.com campaign. The new campaign begins on the LinkedIn job-hunting platform, where the hackers send messages to their targets about a career opportunity at the cryptocurrency giant.

The message to the targets contained a PDF file titled ‘Crypto.com_Job_Opportunities_2022_confidential.pdf’, allegedly containing a list of job vacancies at Crypto.com. If the target launches the file, it initiates the infection process on their computer, which involves a Mach-O binary that creates a folder in the victim’s Library directory and drops two other stage files significant in the attack.
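A triage check for attachments received with job offers like the one described above: flag any file named like a document whose leading bytes are a Mach-O header rather than `%PDF-`. This is an added example, not taken from the researchers' analysis; the function names and sample bytes are constructed, and it assumes the lure may be an executable carrying a document-style name.

```python
import struct
from pathlib import Path

# Thin Mach-O magics as they appear when the first 4 bytes are read big-endian
# (covers 32/64-bit headers written in either byte order).
MACHO_MAGICS = {0xFEEDFACE, 0xCEFAEDFE, 0xFEEDFACF, 0xCFFAEDFE}
FAT_MAGIC = 0xCAFEBABE  # universal binary; Java .class files share this value
DOC_SUFFIXES = {".pdf", ".doc", ".docx", ".rtf"}


def classify_header(head: bytes) -> str:
    """Return 'pdf', 'macho' or 'other' from the first 8 bytes of a file."""
    if head.startswith(b"%PDF-"):
        return "pdf"
    if len(head) < 8:
        return "other"
    magic, second = struct.unpack(">II", head[:8])
    if magic in MACHO_MAGICS:
        return "macho"
    # Heuristic: a universal header stores a small architecture count here,
    # while a Java class stores its version (major >= 45) in the same bytes.
    if magic == FAT_MAGIC and 0 < second < 20:
        return "macho"
    return "other"


def suspicious_lures(directory: str) -> list[str]:
    """Names of document-suffixed files whose content is a Mach-O binary."""
    hits = []
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file() or path.suffix.lower() not in DOC_SUFFIXES:
            continue
        with path.open("rb") as fh:
            if classify_header(fh.read(8)) == "macho":
                hits.append(path.name)
    return hits


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        # Constructed samples: one genuine PDF header, one Mach-O header.
        Path(d, "offer_real.pdf").write_bytes(b"%PDF-1.7\n")
        Path(d, "offer_fake.pdf").write_bytes(bytes.fromhex("cffaedfe0c000001"))
        print(suspicious_lures(d))
```

A hit means the file should be quarantined and analysed rather than opened; a clean result says nothing about malicious content inside a genuine PDF.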

During the analysis, the researchers also noticed similarities between the characteristics of this campaign and the Lazarus gang’s ‘Operation In(ter)ception’, and so associated the two. The researchers also believe that the hacking group will soon shift to another attack tactic or impersonate another company as its operations progress.

Since the Lazarus gang is focused on targeting the cryptocurrency industry, people working in it are advised to be vigilant against potential attacks, most of which involve phishing attempts to hack into their computers, drop malware, steal digital assets, and spy on them.
